

Notice of Allowability

Application No.: 09/608,402
Applicant(s): BRICKELL ET AL.
Examiner: Daniel L. Greene
Art Unit: 3621





The MAILING DATE of this communication appears on the cover sheet with the correspondence address.
All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed in due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1.313 and MPEP 1308. 

1. ☒ This communication is responsive to 3/17/2005.

2. ☒ The allowed claim(s) is/are 30-41, 48-52 and 57-73.

3. ☒ The drawings filed on 30 June 2000 are accepted by the Examiner.

4. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) □ All b) □ Some* c) □ None of the: 

1. □ Certified copies of the priority documents have been received. 

2. □ Certified copies of the priority documents have been received in Application No. . 

3. □ Copies of the certified copies of the priority documents have been received in this national stage application from the 

International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received; . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
THIS THREE-MONTH PERIOD IS NOT EXTENDABLE. 

5. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF 

INFORMAL PATENT APPLICATION (PTO-152) which gives reason(s) why the oath or declaration is deficient. 

6. □ CORRECTED DRAWINGS (as "replacement sheets") must be submitted.

(a) □ including changes required by the Notice of Draftsperson's Patent Drawing Review (PTO-948) attached

1) □ hereto or 2) □ to Paper No./Mail Date .

(b) □ including changes required by the attached Examiner's Amendment / Comment or in the Office action of 

Paper No./Mail Date . 

Identifying indicia such as the application number (see 37 CFR 1.84(c)) should be written on the drawings in the front (not the back) of 
each sheet. Replacement sheet(s) should be labeled as such in the header according to 37 CFR 1.121(d). 

7. □ DEPOSIT OF and/or INFORMATION about the deposit of BIOLOGICAL MATERIAL must be submitted. Note the 

attached Examiner's comment regarding REQUIREMENT FOR THE DEPOSIT OF BIOLOGICAL MATERIAL. 



Attachment(s)

1. ☒ Notice of References Cited (PTO-892)
2. □ Notice of Draftperson's Patent Drawing Review (PTO-948)
3. □ Information Disclosure Statements (PTO-1449 or PTO/SB/08), Paper No./Mail Date
4. □ Examiner's Comment Regarding Requirement for Deposit of Biological Material
5. □ Notice of Informal Patent Application (PTO-152)
6. Interview Summary (PTO-413), Paper No./Mail Date 3/17/05.
7. ☒ Examiner's Amendment/Comment

SUPERVISORY PATENT EXAMINER
TECHNOLOGY CENTER 3600

U.S. Patent and Trademark Office
PTOL-37 (Rev. 1-04)
Notice of Allowability
Part of Paper No./Mail Date 322200



Application/Control Number: 09/608,402 
Art Unit: 3621 



Page 2 



EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with John F. Conroy on 3/17/05. 

The application has been amended as follows: 

Claims 1-29, 42-47 and 53-56 have been cancelled. 

Claims 30-41 and 48-52 are amended and new claims 57-73 have been added 
as follows. 

Claim 1-29. (Canceled) 

Claim 30. (Currently Amended) A method comprising: 

receiving, over a data transmission network, use information describing a 
first use of a digital credential by an owner of a digital credential, at any 
of a plurality of different services where the digital credential can be 
used, the digital credential being a digital security mechanism associated 
with the owner's identity;

receiving use information describing a second use of the digital credential by a 
delegate of the owner of the digital credential, at any of the plurality of different services 
where the digital credential can be used; 

storing the use information in an activity log;

generating an activity report for the delegate based on the activity log; 
generating an activity report for the owner based on the activity log; 
allowing said owner to view all reports; and 

allowing said delegate to view only the activity report for the delegate and not the 
activity report for the owner or activity reports for other delegates. 

Claim 31. (Original) The method of claim 30, wherein the use information
includes transaction information.

Claim 32. (Original) The method of claim 30, wherein the use information
includes verification information for the digital credential.

Claim 33. (Original) The method of claim 31, wherein the transaction
information includes at least one of a message that was signed, a transaction value, an 
online service, an internet protocol (IP) address, a value of the transaction, a date of the 
transaction and a the time of the transaction. 

Claim 34. (Original) The method of claim 30, wherein the digital credential 
includes a digital signature key, and further wherein generating the activity report 
includes associating a name to the digital signature key and listing the name of the
digital signature key.




Claim 35. (Previously Presented) The method of claim 30, wherein generating 
the activity report for the owner includes generating the activity report upon request by 
an owner of the digital credential. 

Claim 36. (Original) The method of claim 30, wherein generating the 
activity report includes generating the activity report each time the digital credential is 
verified. 

Claim 37. (Original) The method of claim 30, wherein generating the 
activity report includes generating a report periodically. 

Claim 38. (Original) The method of claim 30 further including analyzing the 
activity log to detect misuse of the digital credential. 

Claim 39. (Previously Presented) The method of claim 35, wherein generating 
the activity report includes listing activity for a plurality of digital signature keys 
associated with the owner. 

Claim 40. (Previously Presented) The method of claim 30 further 
comprising: 

authorizing one or more delegates to use a delegated digital credential to act on 
behalf of the owner of the digital credential for specified functions, wherein verifying the 
use of the digital credential includes determining whether the delegated digital 
credential was authorized for the specific use. 

Claim 41. (Previously Presented) The method of claim 30, wherein generating
the activity report for the owner includes generating activity reports of the delegates of 
the owner. 

Claim 42-47. (Canceled) 

Claim 48. (Currently Amended) A method comprising: 

receiving, over a data transmission network, transaction requests from a
plurality of delegate users who are delegated from an owner, wherein the
transaction requests include digital credentials for the delegate users, the
digital credentials being digital security mechanisms associated with users'
identities;

processing the transaction requests; and 

communicating transaction information to a central service, wherein the 
transaction information includes the digital credentials of the delegates, the transaction 
information communicated to create, for the plurality of delegate users, activity reports 
regarding the usage of the digital credentials, the activity reports created at the central 
service that said owner is allowed to view while each delegate is allowed to view only 
their own activity report and not allowed to view reports for other delegates. 

Claim 49. (Original) The method of claim 48, wherein processing the
transaction requests includes communicating the digital credentials to the central 
service for verification. 

Claim 50. (Previously Presented) The method of claim 48, wherein 
processing a requested transaction includes: 
verifying the digital credential; and 

communicating a result of the verification to the credential service. 

Claim 51. (Original) The method of claim 48 further includes receiving an
activity report from the central service, wherein the activity report lists the transaction 
information for each digital credential. 

Claim 52. (Original) The method of claim 48, wherein the transaction 
information includes at least one of a message that was signed, a transaction value, an 
online service, an internet protocol (IP) address, a value of the transaction, a date of the 
transaction and a the time of the transaction. 

Claim 53-56. (Canceled) 

Claim 57. (New) An article comprising a machine-readable medium 
storing instructions operable to cause one or more machines to perform operations 
comprising: 

receiving, over a data transmission network, use information describing a first
use of a digital credential by an owner of a digital credential, at any of a plurality of 
different services where the digital credential can be used, the digital credential being a 
digital security mechanism associated with the owner's identity; 

receiving use information describing a second use of the 
digital credential by a delegate of the owner of the digital credential, at any of the 
plurality of different services where the digital credential can be used; 
storing the use information in an activity log; 

generating an activity report for the delegate based on the activity log; 
generating an activity report for the owner based on the activity log; 

allowing said owner to view all reports; and 
allowing said delegate to view only the activity report for the delegate and not the 
activity report for the owner or activity reports for other delegates. 

Claim 58. (New) The article of claim 57, wherein the use information 
includes transaction information. 

Claim 59. (New) The article of claim 57, wherein the use information 
includes verification information for the digital credential. 

Claim 60. (New) The article of claim 58, wherein the transaction 
information includes at least one of a message that was signed, a transaction value, an
online service, an internet protocol (IP) address, a value of the transaction, a date of the
transaction and a the time of the transaction. 

Claim 61. (New) The article of claim 57, wherein the digital credential
includes a digital signature key, and further wherein generating the activity report 
includes associating a name to the digital signature key and listing the name of the 
digital signature key. 

Claim 62. (New) The article of claim 57, wherein generating the activity 
report for the owner includes generating the activity report upon request by an owner of 
the digital credential. 

Claim 63. (New) The article of claim 57, wherein generating the activity report 
includes generating the activity report each time the digital credential is verified.

Claim 64. (New) The article of claim 57, wherein generating the activity report 
includes generating a report periodically. 

Claim 65. (New) The article of claim 57, wherein the operations further 
comprise analyzing the activity log to detect misuse of the digital credential. 

Claim 66. (New) The article of claim 57, wherein generating the activity 
report includes listing activity for a plurality of digital signature keys associated with the 
owner. 

Claim 67. (New) The article of claim 57, wherein the operations
further comprise: 

authorizing one or more delegates to use a delegated digital credential to act on 
behalf of the owner of the digital credential for specified functions, wherein verifying the 
use of the digital credential includes determining whether the delegated digital 
credential was authorized for the specific use. 

Claim 68. (New) The article of claim 57, wherein generating the activity 
report for the owner includes generating activity reports of the delegates of the owner. 

Claim 69. (New) An article comprising a machine-readable medium storing 
instructions operable to cause one or more machines to perform operations comprising: 

receiving, over a data transmission network, transaction requests from a plurality 
of delegate users who are delegated from an owner, wherein the transaction requests 
include digital credentials for the delegate users, the digital credentials being digital 
security mechanisms associated with users' identities;

processing the transaction requests; and 

communicating transaction information to a central service, wherein the 
transaction information includes the digital credentials of the delegates, the transaction 
information communicated to create, for the plurality of delegate users, activity reports 
regarding the usage of the digital credentials, the activity reports created at the central 
service that said owner is allowed to view while each delegate is allowed to view only 
their own activity report and not allowed to view reports for other delegates. 






Claim 70. (New) The article of claim 69, wherein processing the transaction 
requests includes communicating the digital credentials to the central service for 
verification. 

Claim 71. (New) The article of claim 69, wherein processing a requested
transaction includes: 

verifying the digital credential; and communicating a result of the verification to 
the credential service. 

Claim 72. (New) The article of claim 69, wherein the operations further 
comprise receiving an activity report from the central service, wherein the activity report
lists the transaction information for each digital credential.

Claim 73. (New) The article of claim 69, wherein the transaction 
information includes at least one of a message that was signed, a transaction value, an 
online service, an internet protocol (IP) address, a value of the transaction, a date of the 
transaction and a the time of the transaction. 

The following is an examiner's statement of reasons for allowance:

As per claims 30, 48, 57 and 69, the closest prior art of record, Anderson et al.
U.S. Patent 6,021,202, Vance et al. U.S. Patent 6,442,526 and Musgrave U.S. Patent
6,105,010, taken either individually or in combination with other prior art of record, fails to
teach or suggest a credential verification service (CVS) that authenticates digital
credentials requests of an owner and his/her delegates of online service providers. The
CVS stores the authentication results and transaction information at a central activity log
center.

The CVS generates an activity report from the activity log that lists the
authentication results and the transaction information. A fraud detection module within
the CVS analyzes the activity log to identify any unusual patterns in order to identify
fraudulent activities or general misuse of the digital credential.

The specific allowable feature, which distinguishes the present invention over the
prior art, is that the owner of the digital certificate can view all the reports associated with
his/her digital certificate while the owner's delegates can only view their own activity
report.

Claims 31-41, 49-52, 58-68 and 70-73 are dependent upon Claims 30, 48, 57 
and 69 respectively, and thus have all the limitations of Claims 30, 48, 57 and 69 
respectively and are allowable for that reason.

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Daniel L. Greene whose telephone number is
703-306-5539. The examiner can normally be reached on M-Thur. 8am-6pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, James P. Trammell, can be reached on 703-305-9768. The fax phone
number for the organization where this application or proceeding is assigned is
703-872-9306.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Daniel L. Greene 
Examiner 
Art Unit 3621 

3/22/2005 



